[prog] 'protecting' perl code

Riccarda Cassini riccarda.cassini at gmx.de
Fri May 7 04:14:12 EST 2004 

Hey Almut,
is there anything you don't have a ready-made solution for? :-)


On Thu, 6 May 2004 22:09:53 +0200, Almut Behrens wrote:
> Thanks (if I was among the ones you had in mind :)
> 
Almut, you were *the* one... :-)

> Using the perl compiler is not a real option for this purpose, because
> (a) it's still too 'experimental' for real production use, and (b) it's
> hardly possible to take effective measures against automatic
> decompilation of the byte code.

OK, didn't know about that. So, I figure I can forget about that route.


> To get a general idea of what source filtering allows you to do, you
> might want to take a look at the module Acme::Bleach or Acme::Morse by
> Damian Conway. Acme::Bleach allows you to represent/recode any perl
> source as whitespace characters only, while retaining executability.

Just took a quick look at Acme::Bleach. Definitely looks like fun stuff.
Although I have to confess I do not (yet) understand how it works, it 
gives me some sense of the power that's behind this approach.

Will also take a closer look at Filter::Util::Call, and do my homework
and read 'perldoc perlfilter'...


> From the point of view of cryptography, the whole obfuscation approach
> is _always_ lame, but for many practical purposes, the time required to
> crack some program would typically be beyond what it's worth -- if done
> well enough.
> (Make sure, however, that your client knows about these facts...
> preferably in written form.)

If I'm understanding this correctly, the protection level achieved by
some properly done obfuscation would roughly be the same as that of an
ordinary binary program.  In the latter case you'd have to reverse
engineer the binary in the debugger, while with the obfuscated perl
script, you'd have to crack the special perl interpreter containing the
decryption routines. Is that right?


> Here's a rough sketch of what needs to be done (more details upon
> request):
> 
> <snipped lots of good but (for me) slightly intimidating tips...>
> 

Looks like I have to learn some C.  Sooner than I thought.  Actually,
I wanted to dive into Perl first...
Looks like an almost perpendicular learning curve, if you ask me ;-)
Well, I'm not the one to be discouraged easily, whatever the obstacle.
Other people have done it, so why shouldn't I?

I guess I can request the details as required...?


> For various reasons I don't want to go into here, I can't make the
> source of the solution I wrote publically available. But you (Riccarda)
> can have the code, makefiles, etc. as an example solution, if you
> promise to modify it sufficiently and not sell it to someone in the
> immediate vicinity of the company I originally wrote it for.

That'd be very nice! - I'll promise whatever you want...
I'm sure any of my attempts to recast the code will disfigure it
beyond recognition.

Riccarda



> Well, you know what to do first...
> 
Yes...

<a_personal_thing>
Don't know how to put it, Almut, but I so much appreciate you're still
talking to me after what I did.  I want to publicly say I'm sorry!
Honestly.  Hope you accept my apologies.  I was overreacting, and it
wasn't fair after all that you've done for me.  Almut, I need you - not
only because you're continuously solving my technical problems ...
Please, can we be friends again?
</a_personal_thing>

Apologies to anyone else for bothering you with our little soap opera.
Enough apologies now. I'll try not to do it again.



-- 
NEU : GMX Internet.FreeDSL
Ab sofort DSL-Tarif ohne Grundgebühr: http://www.gmx.net/dsl

More information about the Programming mailing list